Federal cyber incidents reveal challenges of implementing US National Cybersecurity Strategy

Read Time:18 Second

Microsoft revealed on May 24 that the Chinese threat group Volt Typhoon attempted to gain access to communications systems in the United States, including Navy infrastructure on Guam. Secretary of the Navy Carlos Del Toro later confirmed the Navy “has been impacted” by the cyberattacks, although he provided no further details.

To read this article in full, please click here

Read More

10 notable critical infrastructure cybersecurity initiatives in 2023

Read Time:29 Second

The security of critical infrastructure has been high on the agenda in 2023, with cyberattacks and other risks posing a persistent threat to the technologies and systems relied upon for essential services such as energy, food, electricity, and healthcare.

Research from cybersecurity services firm Bridewell assessed the current state of critical national infrastructure (CNI) threats in the UK and the US, warning that global economic downturns, geopolitical tensions, nation-state actors, and ransomware are all contributing to increasing threats faced by organizations and suppliers in the CNI space.

To read this article in full, please click here

Read More

CVE-2015-10112

Read Time:26 Second

A vulnerability classified as problematic has been found in WooFramework Branding Plugin up to 1.0.1 on WordPress. Affected is the function admin_screen_logic of the file wooframework-branding.php. The manipulation of the argument url leads to open redirect. It is possible to launch the attack remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is f12fccd7b5eaf66442346f748c901ef504742f78. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230652.

Read More

CVE-2014-125105

Read Time:30 Second

A vulnerability was found in Broken Link Checker Plugin up to 1.10.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function options_page of the file core/core.php of the component Settings Page. The manipulation of the argument exclusion_list/blc_custom_fields leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.10.2 is able to address this issue. The name of the patch is 90615fe9b0b6f9e6fb254d503c302e53a202e561. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230659.

Read More